Reports to: IT Security Operations Lead
Department: Information Technology
This position involves:
- Development of Cathay Pacific’s compliance with security policies
- Contribute in developing of run books and play books to manage various security alerts
- Improve Security monitoring and incident response activities.
- Participate in security related threat hunting and forensic analysis activities.
- Builds expertise through training and development in attacker techniques and trade craft.
- Facilitate Governance of vendors/suppliers to ensure they are meeting their security contractual obligations
- Contribute in developing of overall Data Governance principles and methodologies in Cathay Pacific Airways
- Develop Security awareness material and conduct Security awareness training to Cathay Pacific staff.
- Provide 24x7 on call assistance in responding to security incidents. This is roster based for up to 10 days per month
- Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
- Validate and enforce baseline security configurations for operating systems, applications, networking and telecommunications equipment
- Reviews and analyzes daily security intelligence feeds, provides detection engineering recommendations, and applies protections to mitigate new threats.
- Monitor,analyze, and synthesize daily security alerts/events surfaced via internal and external sources.
- Investigate and validate actionable security alerts/events and escalate or take action as indicated in security model to mitigate threats
- Monitor compliance reviews and carry out assessments; follow up on deficiencies identified and ensure remediation steps have been taken
- Manage day-to-day tasks for: identity and access management, Anti-virus, password management, PKI, IPS, cloud security, Web Proxy, SIEM, DLP etc.
- Process normal and exception-based security authorization requests
All of the following experience and qualifications are preferred, but not mandatory:
- Certification in information security disciplines such as CISM, CISA or CISSP
- University graduate in IT
- 4 years in IT Security field
- Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL, PCI
- Experience with implementation of security technologies such as: DLP, SIEM, IPS, Anti-Virus, PKI, and cloud security
- Experience managing and monitoring the performance of third party vendors
- In-depth experience working with security monitoring tools
- In-depth experience managing recovery from an incident or major disaster
- Organisational Understanding
- Developing Professional Expertise
- Analysis and Problem Solving
- Customer Focus
- Teamwork and Building Partnersips
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.